P. 124

IT Essentials — Assessing Infrastructure and Networks

Remote access inherently presumes an insecure Layer 2 through Layer 4 connection. When a VPN is used, the session layer (Layer 5) provides an encrypted tunnel before any data is sent. This is an important security measure for the organization in the event that a non-employee gains access to the data: the entire encapsulated contents, and in some cases even the transmission information, are encrypted. The internal system that receives these connections and decrypts the contents is called a point of presence (PoP). Because of their role, PoP servers should never be attached to the internet. The most common way to provide PoP services is to use a VPN to encrypt traffic between the host and the internal network PoP.
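The following is an added illustration (not part of the GTAG text) of the encapsulation the paragraph describes: the inner packet's addresses and payload are encrypted into the payload of an outer packet, so an observer on the path sees only the tunnel endpoints, while the PoP checks integrity and then decrypts. The keystream and packet layout here are a constructed toy for teaching; a real VPN uses a standard protocol such as IPsec or TLS, and the keys, addresses and payload below are made-up sample values.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Simplified packet: transmission info (addresses) plus a payload."""
    src: str
    dst: str
    payload: bytes


NONCE_LEN = 12
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream derived with HMAC-SHA256 (illustration only;
    # a production VPN relies on IPsec/TLS ciphers, never a hand-rolled one).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(inner: Packet, enc_key: bytes, mac_key: bytes,
                tunnel_src: str, tunnel_dst: str,
                nonce: Optional[bytes] = None) -> Packet:
    """Tunnel the inner packet: its addresses AND payload become ciphertext.
    Only the outer (tunnel endpoint) addresses stay readable on the wire."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    plaintext = json.dumps({"src": inner.src, "dst": inner.dst,
                            "payload": inner.payload.hex()}).encode()
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    # Integrity tag over nonce + ciphertext, so the PoP can detect tampering.
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return Packet(tunnel_src, tunnel_dst, nonce + ciphertext + tag)


def decapsulate(outer: Packet, enc_key: bytes, mac_key: bytes) -> Packet:
    """What the PoP does: verify integrity first, then decrypt the inner packet."""
    nonce = outer.payload[:NONCE_LEN]
    ciphertext = outer.payload[NONCE_LEN:-TAG_LEN]
    tag = outer.payload[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel integrity check failed: packet modified in transit")
    fields = json.loads(_xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return Packet(fields["src"], fields["dst"], bytes.fromhex(fields["payload"]))


def on_path_view(outer: Packet, markers: List[bytes]) -> dict:
    """What a third party capturing the tunnel sees: the outer addresses, and
    whether any of the given plaintext markers (inner addresses, data) appear."""
    return {"src": outer.src, "dst": outer.dst,
            "inner_visible": any(m in outer.payload for m in markers)}


if __name__ == "__main__":
    # Constructed sample: a home host sending a payroll report to an internal server.
    inner = Packet("10.0.5.7", "10.0.1.20", b"PAYROLL-REPORT-Q3")
    outer = encapsulate(inner, b"e" * 32, b"m" * 32, "203.0.113.5", "198.51.100.9")
    print(on_path_view(outer, [b"10.0.5.7", b"10.0.1.20", b"PAYROLL"]))
    print(decapsulate(outer, b"e" * 32, b"m" * 32))
```

The point for an auditor is in `on_path_view`: the capture shows the tunnel endpoints but none of the inner addresses or data, and any modification of the tunnel bytes is rejected by the PoP before decryption.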

Virtual Desktop

How do employees who only have personal devices at home connect to the corporate network?

Those employees use a piece of software called a virtual desktop for remote access. We have the same product in place for disaster recovery. Virtual desktop protocols such as Microsoft's Remote Desktop Protocol (RDP) give users a graphical interface for connecting one system (computer) to another over a network connection. The primary use of virtual desktop protocols is to provide technical support and to administer servers that have no keyboard, video monitor, or mouse attached, allowing administrators to operate and maintain servers in a data center.

Both computers must have the same virtual desktop protocol software installed to use this function. To access another computer, a remote user must have both its IP address and the ability to authenticate (e.g., log in or present a security token). For security purposes, virtual desktop protocol connections are often blocked at the perimeter firewall or in the DMZ.
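As an added example (not from the GTAG), here is how an auditor might check the last point, that RDP connections are blocked at the perimeter: a small first-match firewall evaluator run against a constructed ruleset, reporting which internal hosts an arbitrary internet address could reach on the RDP port. The rule format, rule names, addresses and host list are all made up for the example; a real review would export the actual ruleset and map it into this shape.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

RDP_PORT = 3389  # TCP port used by Microsoft's Remote Desktop Protocol


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    direction: str         # "inbound" or "outbound"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR of permitted sources
    dst: str               # CIDR of permitted destinations
    dport: Optional[int]   # None means any destination port


def _matches(rule: Rule, direction: str, proto: str,
             src_ip: str, dst_ip: str, dport: int) -> bool:
    return (rule.direction == direction
            and rule.proto in ("any", proto)
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, dport))


def first_match(rules: List[Rule], direction: str, proto: str,
                src_ip: str, dst_ip: str, dport: int) -> Tuple[str, Optional[Rule]]:
    """First-match evaluation with an implicit deny, the common firewall semantics."""
    for rule in rules:
        if _matches(rule, direction, proto, src_ip, dst_ip, dport):
            return rule.action, rule
    return "deny", None


def rdp_exposure(rules: List[Rule], internal_hosts: List[str],
                 probe_src: str = "198.51.100.77") -> List[Tuple[str, str]]:
    """Internal hosts whose RDP port a generic internet address could reach,
    with the name of the rule that lets the connection through."""
    findings = []
    for host in internal_hosts:
        decision, rule = first_match(rules, "inbound", "tcp", probe_src, host, RDP_PORT)
        if decision == "allow":
            findings.append((host, rule.name))
    return findings


# Constructed sample ruleset and host list (not taken from any real firewall).
SAMPLE_RULES = [
    Rule("vpn-tls", "allow", "inbound", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),
    Rule("rdp-from-branch", "allow", "inbound", "tcp", "192.0.2.0/24", "10.0.1.0/24", RDP_PORT),
    Rule("rdp-jump-host", "allow", "inbound", "tcp", "0.0.0.0/0", "10.0.1.20/32", RDP_PORT),
    Rule("deny-all", "deny", "inbound", "any", "0.0.0.0/0", "0.0.0.0/0", None),
]
SAMPLE_HOSTS = ["10.0.1.20", "10.0.1.21", "10.0.2.5"]


if __name__ == "__main__":
    for host, rule_name in rdp_exposure(SAMPLE_RULES, SAMPLE_HOSTS):
        print(f"RDP on {host} reachable from the internet via rule '{rule_name}'")
```

In the sample, only the jump host is flagged: the branch-office rule limits RDP to a specific source range, so it is not reachable from the probe address, and everything else falls through to the final deny. The check is intentionally simple (no NAT, no stateful logic), but it is the question the paragraph raises, stated as something that can be re-run after every rule change.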

TOPIC 4: NETWORK COMPONENTS AND CONCEPTS

Network Components and Concepts

A typical network architecture has several components. You can see I have broken them into Endpoints, Security Services, Servers (Hosts), and DMZ. Take a moment and look at this graphic.

[Figure: Typical Network Architecture Components (Endpoints, Security Services, Servers (Hosts), DMZ)]
Source: IIA GTAG: "IT Essentials for Internal Auditors"


            Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.